netwire | 7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37 | Triage

Submit
Reports

Overview

overview

Static

static

7668b4f124...37.exe

windows7-x64

7668b4f124...37.exe

windows10-2004-x64

4

Sharing

General

Target

7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37
Size

292KB
Sample

220725-ag2m4sehdm
MD5

620399ca3fa933940813332a6aa2d003
SHA1

838b5bf26b4b18bf7bf531164ad659771bcdb136
SHA256

7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37
SHA512

81c620b98ab7c179f5373d335472936209215133df9655166d276798069b0341fb51d59f7e2860839f92b67aeb9ed28bd019e915f0d533707ec6ebe8edd8c3f5

Score

10^/10

netwire botnet persistence rat stealer

Static task

static1

Behavioral task

behavioral1

Sample

7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37.exe

Resource

win7-20220718-en

netwire botnet persistence rat stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37
- Size
  
  292KB
- MD5
  
  620399ca3fa933940813332a6aa2d003
- SHA1
  
  838b5bf26b4b18bf7bf531164ad659771bcdb136
- SHA256
  
  7668b4f124d00c48ac9c4ecad5d14d40d4c0bc71eb98979a3ca0adb1c276ed37
- SHA512
  
  81c620b98ab7c179f5373d335472936209215133df9655166d276798069b0341fb51d59f7e2860839f92b67aeb9ed28bd019e915f0d533707ec6ebe8edd8c3f5
Score

10^/10

netwire botnet persistence rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netwirebotnetpersistenceratstealer

behavioral2

© 2018-2024

Terms | Privacy